We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hi again, I'd like to suggest another security practice that helps increasing CI stability and prevent tag renaming attack.
This practice is recommended by both the OpenSSF Scorecard and the github security hardening.
It is really important to ensure privileged actions and/or third-party actions are always hash-pinned.
Considering dependabot grouping PRs, it is now much more easier to ensure keeping actions immutable, but still up to date.
Any concerns or questions about it, let me know! Thanks.
A tag renaming attack is a type of attack whereby an attacker:
The text was updated successfully, but these errors were encountered:
Successfully merging a pull request may close this issue.
Hi again, I'd like to suggest another security practice that helps increasing CI stability and prevent tag renaming attack.
This practice is recommended by both the OpenSSF Scorecard and the github security hardening.
It is really important to ensure privileged actions and/or third-party actions are always hash-pinned.
Considering dependabot grouping PRs, it is now much more easier to ensure keeping actions immutable, but still up to date.
Any concerns or questions about it, let me know!
Thanks.
Additional Context
A tag renaming attack is a type of attack whereby an attacker:
The text was updated successfully, but these errors were encountered: